package org.javaboy.security_role_permission.controller;

import jakarta.annotation.security.DenyAll;
import jakarta.annotation.security.PermitAll;
import jakarta.annotation.security.RolesAllowed;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;

import java.util.List;

@RestController
@RequestMapping("/book")
public class BookController {

    @GetMapping
//    @PreAuthorize("hasAuthority('book:read')")
    @PreAuthorize("@ss.hasPermis('book:read')")
    public String getBook() {
        return "getBook";
    }

    @PostMapping
    @PreAuthorize("hasAuthority('book:insert')")
    public String addBook() {
        return "addBook";
    }

    @PutMapping
    @PreAuthorize("hasAuthority('book:update')")
    public String updateBook() {
        return "updateBook";
    }

    @DeleteMapping
//    @PreAuthorize("hasAuthority('book:delete')")
    @PreAuthorize("@ss.hasPermis('book:delete')")
    public String deleteBook() {
        return "deleteBook";
    }

    @PostMapping("/hello")
    @Secured(value = {"ROLE_ADMIN", "ROLE_USER"})
    @DenyAll
    @PermitAll
    @RolesAllowed(value = {"ROLE_ADMIN", "ROLE_USER"})
//    @PreFilter(value = "filterObject.contains('a')")
    public void hello(@RequestBody List<String> list) {
        System.out.println(list);
    }
}
